Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot SecureAnywhere
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 28.0.0.161
Google Chrome (65.0.3325.146)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Bitdefender Agent ProductAgentService.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 27-01-2016
Ran by Bob (administrator) on 11-03-2018 at 10:17:04
Running from "C:\Users\Bob\Documents\Utilities\Bleeping Computer"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
MiniToolBox by Farbar Version: 17-06-2016
Ran by Bob (administrator) on 11-03-2018 at 10:23:05
Running from "C:\Users\Bob\Documents\Utilities\Bleeping Computer"
Microsoft Windows 10 Home (X64)
Model: HP ENVY x360 m6 Convertible Manufacturer: HP
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Intel® Dual Band Wireless-AC 7265 = Wi-Fi (Connected)
TAP-Windows Adapter V9 = PIA (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="PIA" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-NAE5VQN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : attlocal.net
Ethernet adapter PIA:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-CE-A3-32-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : DC-4A-3E-A7-62-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 18-5E-0F-2A-BB-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7265
Physical Address. . . . . . . . . : 8A-3C-C6-3F-C6-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2600:1700:c120:b370::19(Preferred)
Lease Obtained. . . . . . . . . . : Sunday, March 11, 2018 6:59:32 AM
Lease Expires . . . . . . . . . . : Sunday, March 25, 2018 6:59:32 AM
IPv6 Address. . . . . . . . . . . : 2600:1700:c120:b370:1d5d:bfa:e890:d2b2(Preferred)
Temporary IPv6 Address. . . . . . : 2600:1700:c120:b370:a459:3223:1dc3:c7fe(Preferred)
Link-local IPv6 Address . . . . . : fe80::1d5d:bfa:e890:d2b2%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 11, 2018 6:59:32 AM
Lease Expires . . . . . . . . . . : Monday, March 12, 2018 6:59:30 AM
Default Gateway . . . . . . . . . : fe80::3edf:a9ff:fed0:fe50%5
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 92945606
DHCPv6 Client DUID. . . . . . . . : 00-03-00-01-8A-3C-C6-3F-C6-E2
DNS Servers . . . . . . . . . . . : 2600:1700:c120:b370::1
192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
attlocal.net
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice6.attlocal.net
Address: 2600:1700:c120:b370::1
Name: google.com
Addresses: 2607:f8b0:4009:806::200e
172.217.4.206
Pinging google.com [2607:f8b0:4009:806::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:806::200e: time=71ms
Reply from 2607:f8b0:4009:806::200e: time=70ms
Ping statistics for 2607:f8b0:4009:806::200e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 71ms, Average = 70ms
Server: dsldevice6.attlocal.net
Address: 2600:1700:c120:b370::1
Name: yahoo.com
Addresses: 2001:4998:58:2201::73
2001:4998:c:e33::53
98.139.180.180
206.190.39.42
Pinging yahoo.com [2001:4998:c:e33::53] with 32 bytes of data:
Reply from 2001:4998:c:e33::53: time=47ms
Reply from 2001:4998:c:e33::53: time=46ms
Ping statistics for 2001:4998:c:e33::53:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 47ms, Average = 46ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff ce a3 32 8c ......TAP-Windows Adapter V9
4...dc 4a 3e a7 62 03 ......Realtek PCIe GBE Family Controller
2...18 5e 0f 2a bb 52 ......Microsoft Wi-Fi Direct Virtual Adapter
5...8a 3c c6 3f c6 e2 ......Intel® Dual Band Wireless-AC 7265
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.107 35
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.107 291
192.168.1.107 255.255.255.255 On-link 192.168.1.107 291
192.168.1.255 255.255.255.255 On-link 192.168.1.107 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.107 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.107 291
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
5 291 ::/0 fe80::3edf:a9ff:fed0:fe50
1 331 ::1/128 On-link
5 51 2600:1700:c120:b370::/60 fe80::3edf:a9ff:fed0:fe50
5 291 2600:1700:c120:b370::/64 On-link
5 291 2600:1700:c120:b370::19/128
On-link
5 291 2600:1700:c120:b370:1d5d:bfa:e890:d2b2/128
On-link
5 291 2600:1700:c120:b370:a459:3223:1dc3:c7fe/128
On-link
5 291 fe80::/64 On-link
5 291 fe80::1d5d:bfa:e890:d2b2/128
On-link
1 331 ff00::/8 On-link
5 291 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/11/2018 06:59:17 AM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 10:54:02 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname DESKTOP-NAE5VQN.local already in use; will try DESKTOP-NAE5VQN-2.local instead
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0996:011C:FCA8:888C
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:0996:011C:FCA8:888C:5353 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0000:0000:0000:0018
Error: (03/10/2018 07:22:10 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 04:21:05 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 03:02:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 1.3.4.0, time stamp: 0x54e2a903
Faulting module name: OLEAUT32.dll, version: 10.0.16299.15, time stamp: 0xa2f491b8
Exception code: 0xc0000005
Fault offset: 0x0001a884
Faulting process id: 0x1f74
Faulting application start time: 0xHPWMISVC.exe0
Faulting application path: HPWMISVC.exe1
Faulting module path: HPWMISVC.exe2
Report Id: HPWMISVC.exe3
Faulting package full name: HPWMISVC.exe4
Faulting package-relative application ID: HPWMISVC.exe5
Error: (03/10/2018 03:02:27 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 02:42:02 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
System errors:
=============
Error: (03/11/2018 09:53:42 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/11/2018 07:02:19 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 03:02:33 PM) (Source: Service Control Manager) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:36:14 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 09:35:42 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 08:25:12 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 08:20:45 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 08:06:29 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 07:57:05 AM) (Source: DCOM) (User: DESKTOP-NAE5VQN)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-NAE5VQNBobS-1-5-21-3771988080-3016190582-6190279-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/10/2018 07:50:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (03/11/2018 06:59:17 AM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 10:54:02 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname DESKTOP-NAE5VQN.local already in use; will try DESKTOP-NAE5VQN-2.local instead
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0996:011C:FCA8:888C
Error: (03/10/2018 07:22:22 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:0996:011C:FCA8:888C:5353 16 DESKTOP-NAE5VQN.local. AAAA 2600:1700:C120:B370:0000:0000:0000:0018
Error: (03/10/2018 07:22:10 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 04:21:05 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 03:02:31 PM) (Source: Application Error)(User: )
Description: HPWMISVC.exe1.3.4.054e2a903OLEAUT32.dll10.0.16299.15a2f491b8c00000050001a8841f7401d3b8b8a7360238c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exeC:\WINDOWS\System32\OLEAUT32.dlldff8873c-ccd0-431e-bb16-96e4fa44778e
Error: (03/10/2018 03:02:27 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
Error: (03/10/2018 02:42:02 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.147) TYPE: ERROR
DPTF Build Version: 8.1.10600.147
DPTF Build Date: May 26 2015 13:35:22
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
CodeIntegrity Errors:
===================================
Date: 2018-03-11 10:14:32.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 10:14:32.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 10:14:22.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 10:14:22.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:44:32.299
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:44:32.298
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:44:22.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:44:22.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:33:14.011
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-11 09:33:14.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
=========================== Installed Programs ============================
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.55 - ArcSoft)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.3 - Arduino LLC)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF4800 Series (HKLM\...\{444085BE-389B-4330-A291-3FC258B846EC}) (Version: 4.1.0.1 - CANON INC.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.5.3 (HKLM-x32\...\{C7953D3C-D23D-4A87-AFD7-F9B6F4DB0CBB}) (Version: 1.5.3 - Cyber Power Systems, Inc.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Document Capture Pro (HKLM-x32\...\{C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37}) (Version: 1.06.0012 - Seiko Epson Corporation)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Easy Photo Scan (HKLM-x32\...\{04A3C7AC-C350-46FA-8F72-C4E3F6B50D07}) (Version: 1.00.0004 - Seiko Epson Corporation)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version: - Primate Labs Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{76FAF7E1-52D0-49F7-A627-E78303F9C7EF}) (Version: 6.0.39.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PDFsam Basic (HKLM-x32\...\{0F7F1493-D16D-4C7B-A271-17A12168CCC4}) (Version: 3.30.2.0 - Andrea Vacondio)
PDFsam Enhanced 4 (HKLM-x32\...\PDFsam Enhanced 4) (Version: 4.0.3.32301 - Copyright 2017 Andrea Vacondio)
PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
Perfection V19_V39 User Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V19_V39 User Guide_is1) (Version: 1.0 - )
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5.1 (64-bit) (HKCU\...\{0ee0d38a-fb40-4780-a8f8-73a57f4df39c}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (HKLM\...\{5C8D887B-998A-4708-9120-CE040C4A5B47}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (HKLM\...\{E98CFF92-01E0-4E30-8C72-3C82111091C2}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (HKLM\...\{A47BAF5B-53CC-4E60-847A-E13CAF26F467}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (HKLM\...\{A1B06412-F898-47C9-968F-D3B331ABB202}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
Software Updater (HKLM-x32\...\{C465AB7A-CF61-4648-86E4-7A29BFF2F3A9}) (Version: 4.3.5 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
VCarve Desktop 8.0 (HKLM\...\VCarve Desktop) (Version: 8.0 - Vectric)
Vectric Shell Extensions 1.2 (HKLM-x32\...\VectricThumbnailShellExt) (Version: - Vectric)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.19.43 - Webroot)
Windows Store Gift Card Promo (HKLM-x32\...\{FF74AA30-FF56-4197-8B64-5D63F367BC02}) (Version: 1.0.0.1 - Microsoft Corporation)
YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden
YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 37%
Total physical RAM: 8112.41 MB
Available physical RAM: 5097.83 MB
Total Virtual: 10772.94 MB
Available Virtual: 6848.29 MB
========================= Partitions: =====================================
1 Drive c: (Windows) (Fixed) (Total:917.37 GB) (Free:811.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.84 GB) (Free:1.56 GB) NTFS
========================= Users: ========================================
User accounts for \\DESKTOP-NAE5VQN
Administrator Bob DefaultAccount
Guest WDAGUtilityAccount
========================= Restore Points ==================================
14-02-2018 16:24:25 Windows Update
24-02-2018 15:00:42 Scheduled Checkpoint
**** End of log ****
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/11/18
Scan Time: 10:27 AM
Log File: 836151fa-2551-11e8-9641-dc4a3ea76203.json
Administrator: Yes
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4302
License: Trial
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: DESKTOP-NAE5VQN\Bob
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318042
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 18 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2018.03.11.05
rootkit: v2018.03.08.03
Windows 10 x64 NTFS
Internet Explorer 11.248.16299.0
Bob :: DESKTOP-NAE5VQN [administrator]
3/11/2018 10:48:36 AM
mbar-log-2018-03-11 (10-48-36).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 218625
Time elapsed: 16 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.248.16299.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 8506474496, free: 4291489792
Downloaded database version: v2018.03.11.05
Downloaded database version: v2018.03.08.03
Downloaded database version: v2018.01.20.01
Initializing...
=======================================
Driver version: 4.3.0.15
------------ Kernel report ------------
03/11/2018 10:48:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys
\SystemRoot\System32\drivers\usb3Hub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\ki125121.inf_amd64_26ca8ba649abc040\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhm.inf_amd64_c8a41364c1b3daa8\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\VirtualButtons.sys
\SystemRoot\System32\drivers\dptf_acpi.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\??\C:\Windows\system32\DRIVERS\wrUrlFlt.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\??\C:\WINDOWS\system32\drivers\1252FFAC.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2018.03.11.05
rootkit: v2018.03.08.03
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe5809688e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe580968909d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe5809688e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe580945dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe5809210e160, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe5809208d380, DeviceName: \Device\00000041\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3051119426
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 710cc55a-fa43-4ae3-8020-39fb76597949
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3051119426
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 710cc55a-fa43-4ae3-8020-39fb76597949
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 182e0b98-d5fe-45e2-9196-601d35f289d7
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 648e88db-80e6-45bc-8294-c65469d3dcd
FirstLBA 534528 Last LBA 796671
Attributes 0
Partition Name Microsoft reserved partition
Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 243625c0-c1db-412f-8445-2d26d999e3f4
FirstLBA 796672 Last LBA 1924662312
Attributes 0
Partition Name Basic data partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3fd0fd97-2ee1-47d2-8b2-80759d7e45b8
FirstLBA 1924663296 Last LBA 1926592511
Attributes 1
Partition Name
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 731c1292-15af-4306-975b-192e339fc32
FirstLBA 1926592512 Last LBA 1953517567
Attributes 1
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cldapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\aepic.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORYPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7a53e85a72080284c5b5cd703dd282cb\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dd89797400d103abfcfdd7e6c1829dd1\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\02e82312466db461bbcee5eaaa859429\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\95adebdc7528e7a8e4ae9685b1600f38\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\09559970909d096bffb1f8eb605cddfb\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f2a690c7f588336efbc341feb9c9822b\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\86e7f970990faeef3b43b9e8f78222c2\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9f581d4f9a23ed029b2f448ad019f156\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\467b677caf704af4edc117e4e717ba8c\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d67e57958f1c1b935df0426f959ed92b\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a6af07eb12ad728d7433ba41209a786d\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f8025f152ecd6f7b046c136849bf717d\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\ab96d3e2a54bf99e8e108c02ab2f0d05\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\ae463c8f9567c79be370b9aff56aa2e3\System.Configuration.Install.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ba23d79855fdf2077add750094bcd0f9\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7071684e37550c616cba4f2c995a6b01\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\abbb4d6643c6ee09c0d53aa8b43ab92c\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_5d7c08dba7db7edd\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Windows\System32\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Users\Bob\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 03/11/2018 11:11:24 AM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Bob\AppData\Local\Temp\ocrB91B.tmp\bin\rubyw.exe (PID: 16616) [UP-HEUR]
* C:\Users\Bob\AppData\Local\Temp\ocrF98F.tmp\bin\rubyw.exe (PID: 12044) [UP-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 03/11/2018 11:13:16 AM
Execution time: 0 hours(s), 1 minute(s), and 52 seconds(s)